Sun Microsystems has donated new cryptography technology to an open-source project at the heart of many secure transactions on the Internet.

Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes. The Santa Clara, California-based server seller donated the technology to the OpenSSL project, a programming group that makes an open-source version of the Secure Sockets Layer (SSL) encryption system.

Elliptic curve cryptography will enable secure communications with devices that don't have as much calculating power as most desktop computers, said Whitfield Diffie, Sun's chief security officer and a pioneer of the Diffie-Hellman "public key" cryptography method used today in SSL and other encryption systems. Diffie spoke Thursday during a news conference at the SunNetwork conference in San Francisco.

"Small gadgets are the most obvious place to use it," Diffie said, but once the technology is built, it likely will spread farther. "The deployment schedule is on the order of several years to a decade unless something comes along in the interim. I would conjecture that by 2010 or so, this will be widely used."

Current encryption technology is based on mathematics developed in the 17th and 18th centuries, Diffie said. "Elliptic curve cryptography brings it forward into the mathematics of the 19th century," he said.

Diffie exhorted companies to build security into computing services from the start, not patch it on at the end, and announced Sun products to help in that plan. In combination with software and hardware companies, Sun announced a partnership to build a "perimeter security" product that handles problems at the boundary of corporate computing networks and the public Internet. The product will filter out undesired network traffic, detect intrusions and screen for viruses.

Sun also announced a secure Web server, the software that delivers Web pages across the Internet. Because Web servers typically are very public, they're a particular target for attacks over the network.

The increasing reliance on computer-based records compared with paper-based records makes good computing security essential, Diffie added. "Ten years ago, probably you'd have been OK if you lost your computer files and you had your paper records," but no longer.

Diffie's cryptography work didn't always sit well with US government agencies that wanted to keep control over computer security, he said. Today, the government recognises that there needs to be a collaboration with the private sector. Reinforcing the point, Diffie shared the stage with Richard Clarke, President Bush's special advisor on cyberspace security, who unveiled on Wednesday a public-private sector plan to increase computing security.

Related Links US government unveils cybersecurity plan Sun releases open-source Liberty tool Sun sets pace for Web services security